Explore modern web application vulnerabilities in this comprehensive conference talk. Delve into emerging security issues gaining popularity through bug bounty programs. Walk through lesser-known and new vulnerability classes, understanding how they manifest in contemporary web applications. Learn detection techniques and mitigation strategies for these threats. Cover topics including Blind XXE, JSON serialization, deserialization attack gadgets, custom deserialization attacks, template injection, server-side request forgery (SSRF), subdomain takeover, web cache poisoning, and GraphQL gotchas. Gain insights into common mistakes, protection methods, and testing approaches for each vulnerability type. Discover the underlying causes and complexities of these security issues, including tricky headers and IP address blacklisting challenges. Benefit from practical examples, crowd demonstrations, and valuable resources to enhance your web application security knowledge.